Facing the escalating number of reported Common Vulnerabilities and Exposures (CVEs), Veracode offers a solution providing comprehensive tools for detection and remediation of security vulnerabilities. The article further delves into how Veracode Collections contributes to overcoming limitations in traditional scanning approaches, allowing a more efficient and customized security review of complex microservice architectures.
Da digitale Innovationen und KI-Technologien zunehmend an Bedeutung gewinnen, ist es für Unternehmen besonders wichtig, mit dem technologischen Fortschritt mitzuhalten. So hat sich auch Senacor dafür entschieden, die technologischen Innovationen in das Kerngeschäft...
Supply Chain Security is an important topic. We have seen this with huge security issues which had received a lot of media attention like Log4j commonly known as "Log4Shell" and just recently the attack on liblzma which was given a 10.0 score on the CVE, which is the...
This article dives into the essentials and tactics for mastering automated dependency management, with a spotlight on Renovate.
When writing tests, it’s not only about whether they really correctly test your code and how much coverage they achieve. One important thing is also how much information you’ll get when there is a failing test. Ever since I am using Kotlin, I am using the combination...
Our authors Pascal and Bastian investigated the Google Software Delivery Shield which is Google’s fully managed solution for software supply chain security. In this article they describe how software supply chain security can be achieved during the different steps of the software development lifecycle with the Google Software Delivery Shield.
Our author Daniel gives an introduction into Software Supply Chain Security in software development processes and highlights its importance. The article stresses how neglecting security in the software development process can lead to successful attacks, compromising users‘ data and systems. It also provides tips on achieving Software Supply Chain Security, including scanning for vulnerabilities, updating dependencies, and secret detection.
There are three main types of telemetry data – often referred to as pillars of observability – that are typically gathered: metrics, logs and traces. Here we focussed on tracing which enables visualizations making it possible to understand the performance characteristics of a distributed system.
In the swiftly changing world of software development, the choice of programming language plays a crucial role. To emphasize this, our colleagues Lukas and Georg effectively developed a Microservice Architecture in Kotlin for one of the largest direct banks in Germany. With numerous years of expertise in Java, this project marked their most extensive exploration of Kotlin. Join them on their fascinating voyage as they explain why Kotlin proved to be a superior choice over Java.
Die Craft Conference in Budapest ist eine renommierte Konferenz, die sich auf das Handwerk (“craft”) der Softwareentwicklung spezialisiert. Die Craft Conf zeichnete sich durch ihre breit gefächerte Themenvielfalt und zahlreiche hochkarätige und prominente Sprecher aus. In diesem Jahr fand die Veranstaltung zwischen am 18. und 19. Mai 2023 im beeindruckenden Ambiente des alten Eisenbahnmuseums statt. Unser Kollege Patrick war vor Ort und fasst seine wichtigsten Erkenntnisse und Eindrücke zusammen.